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(U) MESSAGE FROM THE INSPECTOR GENERAL 
28 October 2016 


(U) On behalf of the National Reconnaissance Office (NRO) Office of 
Inspector General (OIG), I am pleased to submit this report on the OIG’s 
activities. This report highlights significant findings and recommendations 
identified during the course of the OIG’s work, as well as OIG 
accomplishments, including organizational and procedural changes, for 
the period 1 April 2016 through 30 September 2016. The activities 
described in this report exemplify our continuing commitment to 
improving the efficiency and effectiveness of NRO programs and 
operations. 





(U) During this reporting period, it was my honor to be confirmed by the 
United States Senate and appointed by President Barak Obama to be the 
NRO Inspector General. I look forward to affecting positive changes at 
the NRO, for NRO’s stakeholders, and for the American taxpayers during 
my tenure. 


(U//EQ#O) This reporting period saw numerous OIG achievements. 

Highlights include the development of a new OIG Strategic Plan that will 

focus on three goals intended to enhance the skills and expertise of the 

OIG and its staff; provide stakeholders with more timely, useful 

information and products; and improve NRO programs, processes, and 

cost efficiencies. Other highlights include the OIG’s first (b)(3) 
Which won the Intelligence Community Inspector 

General 2016 Collaboration Award, and the inclusion of a new section in 

this report that identifies those findings and recommendations 

determined as significant by the OIG during this reporting period. 























(U) As is always the case, we enjoyed a collaborative relationship with 
Director Sapp and with NRO’s leadership and workforce. Director Sapp 
and her management team are actively engaged in addressing open 
recommendations and implementing corrective actions. The OIG did not 
experience any issues related to access to NRO records or personnel. 


(U) I very much appreciate the cooperation and support of the Congress 
and its staff as we continue to affect positive change at the NRO. I 
would also like to thank the dedicated and professional NRO OIG staff for 
their continued hard work and commitment to providing effective 
oversight of NRO programs and operations. 


aw Me * 
Ny 





Susan S. Gibson 
Inspector General 
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(U//FOUS)During this reporting period, the National Reconnaissance 
Office (NRO) Office of Inspector General (OIG) focused its oversight 
efforts and resources to address management challenges and issues of 
greatest risk within the NRO. Specifically, the OIG performed work on 19 
projects, ten of which were completed and nine are ongoing. The 
projects derive from previous NRO OIG annual work plans; address 
mandated requirements; respond to alleged violations of law, regulation, 
or policy; or evaluate emerging issues. The OIG’s efforts enhanced the 
economy, efficiency, and effectiveness of NRO programs; assisted in 
detecting and preventing fraud and abuse; safeguarded taxpayer 
investments; and supported the mission of the NRO. 


(U//FOYQ)In addition, the OIG experienced organizational and 

operational changes. For the first time in its history, an NRO Inspector 

General nominee was confirmed by the United States Senate and 

appointed by President Barak Obama in late September. Also, the OIG 

has implemented several operational changes including updating its 

Strategic ul and (b)(3) 
identifying findings and recommendations determined as significant by 

the OIG during this reporting period. 


(U) APPOINTMENT OF A NEW INSPECTOR GENERAL 


(U) On 22 September 2016, President Barack Obama appointed 

Ms. Susan S. Gibson as the first Senate confirmed, presidentially- 
appointed Inspector General (IG) at the NRO. Ms. Gibson brings a wealth 
of experience to the OIG. Prior to her appointment, she served as the 
Principal Deputy General Counsel for the Office of the Director of National 
Intelligence. Previously, Ms. Gibson spent more than 20 years in the 
Army Judge Advocate General’s Corps, where she prosecuted and 
defended at courts-martial; taught at the U.S. Military Academy, West 
Point; served as the Staff Judge Advocate for the Army’s Criminal 
Investigation Command; and provided legal advice on intelligence 
operations at the Defense Intelligence Agency. Her extensive Intelligence 
Community (IC) and military experience enhances the OIG’s ability to 
carry out its mission to “Assure Effective Stewardship of Taxpayer Dollars 
by Promoting Economy, Efficiency, and Effectiveness; and Preventing and 
Detecting Fraud, Waste, Abuse, and Mismanagement in NRO Programs.” 














(U) During this semiannual reporting period, the OIG initiated the 
development of a new Strategic Plan covering Fiscal Years (FY) 

2017 — 2021. The Plan, to be published in early FY 2017, will update the 
prior Strategic Plan to reflect myriad changes to the OIG. Development 
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of the new OIG Strategic Plan is based on a comprehensive data 
collection effort that focused primarily on information provided by the 
OIG staff through a detailed questionnaire. The OIG analyzed the data, 
and combined it with the results of benchmarking strategic plans of other 
Inspectors General, climate survey results, and analysis of selected 
strategic intelligence documents. 




















(U//FONQ)_As a result of its innovative outreach approach, the NRO OIG 
received the Intelligence Community Inspector General Collaboration 
Award. The award recognized the OIG’s outstanding work and 
collaboration among its Audit, Inspection, and Investigation Divisions to 
promote the role of the OIG and bring critical concerns that impacted the 
workforce to the NRO leadership’s attention. 


(U) IDENTIFYING SIGNIFICANT FINDINGS AND RECOMMENDATIONS 





(U) During this semiannual reporting period, the NRO OIG began 
reporting specific findings and recommendations determined in the 
course of its work to be significant. This addition was included to more 
effectively fulfill the requirements set forth in §5(a)(1-2) of the Inspector 
General Act of 1978, as amended. 


(U) To ensure consistency across the OIG, the OIG established standard 
criteria to identify significant findings and recommendations. A significant 
finding or recommendation is one that addresses a problem, abuse, or 
deficiency that meets one or more of the following criteria: 
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Involves substantial risk or vulnerabilities to the NRO’s mission or 
programs; 

Involves inadequate stewardship of NRO resources, such as improper 
use of funds or lost opportunities for savings, which significantly 
impact an NRO program or activity or present a risk of a significant 
loss of resources; 


Involves the integrity of the oversight process or the NRO’s 
relationship with Congress; 


Involves noncompliance with law, Executive Order, or Presidential 
Directive, or significant violation of Agency regulation or policy; 


Involves an area that has been previously identified as a management 
challenge, significant deficiency, or material weakness, or for which 
there has been a series of deficiencies; 


Involves life-threatening conditions or risk of substantial bodily injury 
or environmental contamination; or 


Involves correcting an issue that permeates/cascades through a 
program or activity, and is the direct cause for a number of 
deficiencies identified throughout the review. 


(U) The IG makes the final determination whether a finding or 
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(U) SUMMARY OF COMPLETED AND ONGOING PROJECTS 


(U) COMPLETED PROJECTS - OVERVIEW 


(U) Table 2 identifies the completed projects for this semiannual 
reporting period. Following the table are short descriptions of the 
conclusions and recommendations made for each project. 


(U) TABLE 2: COMPLETED PROJECTS — APRIL-SEPTEMBER 2016 


Title __Date Completed 
(U) Follow-up Audit of the Effectiveness of Management Oversight of 


Federally Funded Research and Development Centers in the Systems 21 Apri 2016 
Engineering Directorate 
(U) Fiscal Year 2015 Assessment of the National Reconnaissance 


Office Purchase Card Program and Review Results AY May 2016 








25 May 2016 





(U) Follow-up Evaluation of NRO Classification Management 
Public Law 111-258, the Reducing Over-Classification Act 
(U) Audit of the National Reconnaissance Office 


13 June 2016 











Aerospace Data Facility Colorado Facilities Infrastructure epee eee 

(U) National Reconnaissance Office GEOINT-Financials 

Statement on Standards for Attestation Engagements 

No. 16 Examination Management Letter for the Period ge NGUS 2049 

O1 July 2015 to 30 June 2016 

(U) Inquiry of Extended Paid Administrative Leave for Department of 

Defense Cadre Personnel 23 August 2010 
2 September 2016 








(U) Office of Inspector General Fiscal Year 2016 Independent 
Evaluation of National Reconnaissance Office Compliance 13 September 2016 
with Federal Information Security Modernization Act 

















r 
USA, FVEY 


Table is SECRET//TK Lier? 





(U) COMPLETED PROJECTS - RECOMMENDATIONS 


(U) Follow-up Audit of the Effectiveness of Management 
Oversight of Federally Funded Research and Development 
Centers in the Systems Engineering Directorate. In its FY 2016 
Congressional Marks, the House Permanent Select Committee on 
Intelligence requested that the “NRO IG conduct a follow-up review to 
assess the effectiveness of the management changes taking place within 
the Systems Engineering Directorate [SED]....”. The OIG follow-up review 
noted that in response to previous audit recommendations, the SED 
management implemented corrective actions to facilitate using and 
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overseeing Federally Funded Research and Development Centers (FFRDC) 
personnel/resources more effectively. Specifically, SED management 
established an FFRDC training program for the SED staff, and initiated 
FFRDC program management reviews (PMR). 


(U//FOUS}Overall, the OIG found that the newly implemented training 
and PMRs appear to strengthen SED‘s ability to monitor its FFRDCs more 
effectively and assist in the reprioritization of FFRDC tasks to mission 
needs. Further, these changes allow for improved management of the 
distribution of resources across the SED. 


(U/JFOUS).The OIG made no recommendations. However, it views 
sustainability as a key aspect of an effective control environment. 
Therefore, the OIG will continue to monitor SED’s implementation of 
corrective actions and may review SED’s management of FFRDCs at a 
future date. 





(U) Fiscal Year 2015 Assessment of the National 
Reconnaissance Office Purchase Card Program and Review 
Results. The OIG concluded that the risk of illegal, improper, or 
erroneous procurements made with the NRO Government-wide 
Commercial Purchase Card was low. However, the OIG found that 
although the NRO has various charge card controls in place, it still lacks 
an all-encompassing policy needed to manage multiple types of cards 
used at the NRO. 


(U//FON®} Ihe OIG recommended that the NRO develop and submit to 
the Office of Management and Budget (OMB) a comprehensive Charge 
Card Management Plan that encompasses the NRO purchase, travel, and 
fleet card programs. 














(U7TFOUQ) The OIG made no recommendations as a result of this 
assessment. Instead, it provided a draft memorandum and briefing slides 
to the Communications Systems Directorate (COMM) and requested that 
COMM consider appropriate measures to address identified issues. 

COMM concurred with the information contained in the briefing slides. 
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(U/7FOYQ) Follow-up Evaluation of NRO Classification 
Management Public Law 111-258, the Reducing Over- 
Classification Act. The Reducing Over-Classification Act requires that 
each Federal OIG conduct at least two evaluations of its department or 
agency’s Classified National Security Information (CNSI) program by 

30 September 2016. The NRO OIG published its first evaluation on 

30 September 2013, and found that the NRO had not fully adopted, 
followed, or effectively administered federally required classification 
policies, procedures, rules and regulations. The 2013 report included two 
overarching recommendations to address the identified shortfalls. 


(U/7FONQ) The 2016 evaluation found that the NRO has made significant 
progress against the shortfalls identified in 2013. For example, the NRO 
has developed a derivative classification training module that includes all 
aspects of federal requirements. However, the NRO has yet to finalize 
and approve the release of the training to all personnel performing 
derivative classification duties. Further, the NRO has not yet developed a 
tracking mechanism to adequately monitor training completion by 
contractors. In addition original and derivative classifiers continue to 
make classification marking errors, the majority occurring in the 
classification authority block. 


(U77FOYQ). The OIG recommended the NRO: 


» (U) formally designate in writing, a Senior Agency Official to direct 
and administer the NRO CNSI Program; 


>» (U) obtain written approval to implement changes and execute the 
self-inspection program; 


>» (U) complete and execute the web-based derivative classification 
training (CLOSED); 


>» (U) develop a documented process, including tracking procedures, 
that ensures contractors without NMIS access receive derivative 
classification training; and. 


» (U) develop and execute a strategy to ensure compliance with federal 
classification requirements as well as NRO established policies. 


(U/ /FOUG) Audit of the National Reconnaissance Office 
Aerospace Data Facility Colorado Facilities Infrastructure. The 
NRO's recent organizational transformation activities address many of the 
challenges the OIG identified regarding facilities infrastructure, to include 
a lack of clarity in facility management responsibilities. However, the OIG 











found that several challenges remain| (b)(3) 











The OIG recommended that the NRO 





>» (U) review and modify guidance to ensure the distinction between 
MOD, the Management Services and Operations Directorate, and 
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ADF-C Commander roles and responsibilities for facility oversight and 
maintenance is identified and uniformly documented; and 














(U) National Reconnaissance Office GEOINT-Financials 
Statement on Standards for Attestation Engagements No. 16 
Examination Management Letter for the Period 01 July 2015 to 
30 June 2016. The NRO OIG reported that the NRO met the 
requirements established by OMB and Congress related to improper 
payments, but noted the NRO should 


>» (U) improve the supporting documentation for the Improper Payment 
Information Act of 2002 risk assessment; 


>» (U) improve the supporting documentation for duplicate payment 
testing; 


>» (U) develop actionable alternatives to address the FY 2013 findings; 
and 


>» (U) ensure compliance with NRO Acquisition Manual requirements for 
improper payment returns to the NRO. 





“(STANEL Inquiry of Extended Paid Administrative Leave for 
Department of Defense Cadre Personnel. The OIG identified four (b)(1) 
personnel on extended paid administrative leave as of 25 June 2016 (b)(3) 














| Office of Human Resources 





documentation showed the NRO paid approximatel n salary (b)(3) 
and benefits to these four individuals while they were In this leave status. 
The OIG identified shortcomings in Cadre governance documentation. 


(U) The OIG recommended that the NRO 


>» (U) finalize all appropriate governing documents for the NRO DoD 
Cadre, and the Personnel Evaluation Board (PEB); 











> (U) clarify responsibilities and procedures for the PEB and document 
in NRO Instruction 70-7-2, Personnel Evaluation Board: 
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(b)(1) 
(b)(3) 
(b)(1) 
(b)(3) 

(U) Office of Inspector General Fiscal Year 2016 Independent 

Evaluation of National Reconnaissance Office Compliance 

with Federal Information Security Modernization Act. The OIG (b)(3) 

contracted the independent public accounting firm o 

to conduct this evaluation. is (b)(3) 

responsible for the evaluation’s conclusions. 
(b)(1) 
(b)(3) 
(b)(S) 
(b)(1) 
(b)(3) 











A (U/JFO8eLThe Council for Inspector Generals on Integrity and Efficiency (CIGIE), in coordination with the Department of 
Homeland Security, established a maturity model rating on a scale of “1” (Ad hoc) to “5” (Optimized) for the Information Security 
Continuous Monitoring Program. 
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(U) ONGOING PROJECTS - OVERVIEW 


(U//FOUQ) Table 3 identifies the ongoing projects for this semiannual 
reporting period. Following the table are short descriptions of the 
objectives for each project. 


(U) TABLE 3: ONGOING PROJECTS — APRIL-SEPTEMBER 2016 


Title Date Initiated 
(U) Audit of Project Management within the Ground Enterprise i 

Directorate oo. 
(U) Joint Inspection of the Aerospace Data Facility Colorado, i 

National Security Agency/Centra! Security Service-Colorado, and | 7 December 2015 


National Geospatial-Intelligence Agency-Denver 

(LU) Inspection of NRO Supervisory Control and Data Acquisition 
Systems (SCADA) 

(U) Inspection of NRO 


2 February 2016 














8 February 2016 (b)(3) 














(U) Inspection of the NRO Defense Civilian Intelligence Personnel 
System (DCIPS) Performance Management Process 

(U) Audit of the NRO’s Transition to an Enterprise IT Audit 
Capability 

(U)} Office of Inspector General Audit of the National 
Reconnaissance Office Fiscal Year 2016 Financial Statements 

(U) Consolidated Facilities Operation and Maintenance Performance : 
Audit ! 
(U) Audit of the Transition of the MOUNTAINVIEW Facility to the 
National Reconnaissance Office 


18 February 2016 
25 February 2016 
i March 2016 


22 April 2016 


29 June 2016 
Table is UNCLASSIFIED 


(U) ONGOING PROJECTS - OBJECTIVES 


(U) Audit of Project Management within the Ground Enterprise 
Directorate. Objective: Determine whether the Ground Enterprise 
Directorate (GED) has implemented a system of processes and 
procedures to effectively manage its projects. Specifically, the audit will 
determine whether GED has defined and implemented system 
engineering and acquisition processes and procedures through its System 
Program Offices to the project/contract level. 





(U/ /FOUQ) Joint Inspection of the Aerospace Data Facility 
Colorado, National Security Agency/Central Security Service— 
Colorado, and National Geospatial-Intelligence Agency-Denver. 
Objective: The NRO OIG and the OIGs from the National Security Agency (NSA), 
the National Geospatial-Intelligence Agency (NGA), and Office of the 
Inspector General of the Intelligence Community are evaluating the 
effectiveness and efficiency of the ADF-C, NSA-Colorado, and 
NGA-Denver in performing their missions. The joint inspection also 
includes an evaluation of mission systems and engineering; facilities and 
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safety; security; information technology (IT) and systems; and 
intelligence oversight. 





(U/7FOuQ) Inspection of NRO Supervisory Control and Data 
Acquisition Systems (SCADA). Objective: Assess NRO’s SCADA 
program and related NRO industrial control systems. 


(U) Inspection of aes 
Objective: Assess the efficiency and effectiveness 


of the NRO and its compliance 
with internal and external policies. 






































(U) Inspection of the NRO Defense Civilian Intelligence 
Personnel System (DCIPS) Performance Management Process. 
Objective: Assess the NRO’s compliance with Department of Defense 
(DoD) Instruction 1400.25, Volume 2011, DoD Civilian Personnel 
Management System and other regulatory guidance. 





(U) Audit of the NRO’s Transition to an Enterprise IT Audit 
Capability. Objective: Determine whether the NRO is effective in its 
efforts to transition to a uniform IT audit capability. Specifically, the OIG 
is assessing whether the NRO is developing and implementing an 
enterprise approach to collect and share IT audit information. 





(U) Office of Inspector General Audit of the National 
Reconnaissance Office Fiscal Year 2016 Financial Statements. 
Objective: Determine whether the financial statements and related notes 
are presented fairly in all material respects, in accordance with all 
applicable guidance to include guidance issued by the Federal Accounting 
Standards Advisory Board and OMB. The OIG is also reviewing internal 
controls and compliance with laws and regulations, and follow up on the 
status of prior-year audit findings. 





(U) Consolidated Facilities Operation and Maintenance 
Performance Audit. Objective: Evaluate NRO‘s oversight on the 
Consolidated Facilities Operation and Maintenance contractor 
performance. Specifically, the OIG is reviewing how the NRO verifies the 
contractor’s costs, staffing and performance in accordance with contract 
requirements. 





(U) Audit of the Transition of the MOUNTAINVIEW Facility to the 
National Reconnaissance Office. Objective: Assess the transition of 
the MOUNTAINVIEW to the NRO. Specifically, the 
OIG is reviewing the planned MOUNTAINVIEW operations and 
maintenance strategy as well as the facility acceptance process in support 
of the transfer of assets to the NRO. 
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~~ (U7FEYO)_During the preliminary planning phase, the OIG became 
aware of several matters 
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(U/]FONQ) The OIG Investigations Division conducts criminal, civil, and 
administrative investigations into alleged violations of federal law, 
regulation, and policies involving NRO funds, operations, and programs. 
During this reporting period, the Investigations Division produced 20 
Reports of Investigation and identified almost $3.1 million due back to 
the NRO or the United States Treasury. The OIG reported 16 of these 
20 cases involving contractors to the Office of Contracts (OC) for 
suspension and debarment consideration. The OIG provides all Reports 
of Investigation to OS&CI for security consideration and action as 
appropriate. 


(U/JFOHO)In the second half of FY 2016, the Investigations Division 

responded to 163 allegations. The percentage of regulatory and other, 

non-criminal allegations remained relatively consistent compared to the 

first half of the fiscal year.’ The overall percentage of false claims 

allegations decreased from 41 percent in the first half of FY 2016 to 

29 percent in the last half of the year. However, the number of false 

claim cases based on allegations that companies (b)(1) 




















Figure 3 illustrates the types and percentages of these cases 
opened during this reporting period. 





x (U/JPONQL These commonly involve violations of the Code of Federal Regulations, to include conflicts of interest, misuse of 
position, and other potential wrongdoing related to the ethical obligations inherent in government service. 
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(U) FIGURE 3: SUMMARY OF ALLEGATIONS RECEIVED BY TH 
NRO OIG INVESTIGATIONS DIVISION 
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*(U//PON@L Other Crime” includes a broad category of alleged criminal wrongdoing reported to the 
OIG. Allegations that do not fall into the category of fraud, waste, and abuse affecting NRO programs 
are referred to the appropriate investigative agency. Other crimes subject to investigation by the OIG 
may include, but are not limited to, wire fraud, counterfeit and forgery of official documents, private 
conversion of NRO resources, or deliberate damage to NRO property. 

Figure is UNCLASSIFIED 


(U) SELECTED INVESTIGATION SUMMARIES 


(U//FOUQ) The Investigations Division completed 14 investigations of 
False Claims by NRO contractor personnel during this reporting period. 

In total, these investigations identified approximately $853,000 in funds 
recoverable to the NRO or the United States Treasury. The United States 
Attorney’s Office (USAO) declined prosecution for each of these cases in 
favor of an administrative settlement. The OIG referred each case to the 
OC for administrative action within the terms of any affected contracts, to 
include financial restitution, and/or the removal of the offender’s security 
clearance where applicable. Particularly significant investigations of False 
Claims and other crimes include the following: 


> (U//FOXQ) The most significant False Claims case was a labor 
mischarging case involving one employee who mischarged over 
to the NRO program over a period of 10 years. (b)(3) 
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> (U//PONQ) The OIG investigated a former government employee who 
violated the terms of his post-employment restrictions when he 
involved himself as a contractor on a program he previously managed 
as a senior government officer. The OIG linked his actions to a 
previous OIG case from an earlier reporting period involving a firm 
with an organizational conflict of interest. While the USAO declined 
prosecution, the OIG provided the facts of this case to the OC for 
suspension and debarment consideration. 


> (U/JFOXYQ) The OIG investigated a contractor employee who falsified 
the results of tests he conducted on parts intended for use in an NRO 
system. After subjecting the part to inappropriate thermal testing 
that may have caused it harm, the employee concealed his conduct 
by submitting false test results that, instead, showed he tested the 
part properly. Upon discovery, the program quarantined the part in 
question and removed the employee from access to NRO programs. 
His company subsequently terminated his employment and provided 
the NRO with a credit for the improperly tested parts. 


> (U//FORQ)_The OIG investigated a government employee at a mission 
ground station who misused a government vehicle to conduct a 
personal errand. While inappropriately using the vehicle, the 
employee was involved in a traffic collisi ulting in a total loss of 
the vehicle valued at ee a The government (b)(3) 


subsequently suspended the employee for 30 days without pay. 
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| (U) REVIEW OF LEGISLATION AND REGULATIONS 





(U) The Inspector General Act of 1978, as amended, requires federal 
agency OIGs to review existing and proposed legislation and regulations 
relating to their agency’s programs and operations. Based on these 
reviews, the OIGs are required to make recommendations in their 
semiannual reports concerning the impact of the legislation and 
regulations on (1) the economy and efficiency of programs and 
operations of their agency and (2) the prevention and detection of fraud 
and abuse in programs and operations of their agency. 


(U) The NRO OIG conducts such reviews and provides comments and 
recommendations to Congress, when warranted, through a variety of 
means including reports and coordination with the Council of the 
Inspectors General on Integrity and Efficiency (CIGIE). For example, 
during this reporting period the NRO OIG reviewed all pertinent draft 
legislation to include the Jnspector General Empowerment Act of 2015 
and the Intelligence Authorization Act for Fiscal Year 2017. The NRO OIG 
provided comments to the CIGIE for inclusion in its comments to the 
respective Act’s authors. The OIG also assessed the merits of requesting 
the repeal of that portion of §8H(g)(1) of the Jnspector General Act of 
1978, as amended, which currently mandates annual reporting by the 
NRO OIG. 


ai 
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(U) As required by the /nspector General Act of 1978, as amended, this 
Semiannual Report provides information regarding the NRO’s compliance 
with the requirements of the Federa/ Financial Management Improvernent 
Act of 1996 (FFMIA). Specifically, the FFMIA requires organizations to 
implement and maintain financial management systems that are 
substantially in compliance with federal accounting standards and with 
federal financial management systems requirements. 


(U//E@¥6y For FY 2016, the NRO OIG contracted with to assess (b)(3) 
the NRO’s financial systems for compliance with applicable laws and 
standards as part of its Audit of the National Reconnaissance Office Fiscal 
Year 2016 Financial Statements. is currently performing the (b)(3) 
FY 2016 Financial Statements audit for the NRO, which should provide 
updated information on the extent to which NRO financial systems 
comply with applicable standards and requirements. The OIG expects 

O publish the FY 2016 Financial Statement Audit Report in (b)(3) 
November 2016. 
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_(U) PEER REVIEWS 





(U) The Inspector General Act of 1978, as amended, requires that OIGs 
report on peer reviews conducted during this semiannual reporting 
period. The purpose of a peer review is to determine whether an 
organization’s system of quality control is suitably designed and whether 
its staff is effectively implementing those quality controls and conforming 
to applicable professional standards. Generally Accepted Government 
Auditing Standards issued by the Comptroller General of the United 
States require that audit organizations performing audits, attestation 
engagements, or both, undergo a peer review at least once every three 
years by reviewers independent of the audit organization to determine if 
an appropriate internal quality control system is in place. Similarly, CIGIE 
established Quality Standards for Inspection and Evaluation (CIGIE 
Standards) for maintaining quality assurance that include having external 
quality assurance reviews of audits, investigations, inspections, 
evaluations, and other OIG activities. 


(U) PEER REVIEW OF THE NRO OFFICE OF INSPECTOR GENERAL 


(U) The NSA OIG led a peer review of the NRO OIG Inspections Division 
from 23 May 2016 to 28 June 2016. The objective of the review was to 
determine whether the NRO OIG Inspections Division's internal policies 
and procedures addressed CIGIE Standards and whether the resulting 
reports complied with the CIGIE Standards. 


(U//PON)_The Peer Review Team found that the NRO OIG Inspections 
Division complied with the CIGIE Standards and associated requirements. 
While some minor instances of noncompliance on individual inspection 
reports were noted, these instances did not appear to be systemic and 
did not impact the NRO OIG Inspections Division’s compliance with the 
CIGIE Standards. 


(U) In addition to the review of the Inspections Division, the Peer Review 
Team also conducted a limited modified review of the sole report issued 
by the Special Projects Division, which was established in 2015. The NSA 
found that the Special Projects Division report substantially complied with 
the CIGIE standards and associated requirements. 





(U) The NRO OIG did not conduct any peer reviews of other agencies’ 
OIGs during this reporting period. 
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(U) APPENDIX A: SEMIANNUAL REPORTING REQUIREMENTS 


(U) The National Reconnaissance Office (NRO) Office of Inspector 
General (OIG) conducts audits, inspections, investigations, and special 
reviews in accordance with the requirements of Jnspector General Act of 
1978, as amended. Those requirements include promoting economy, 
efficiency, and effectiveness; detecting and preventing fraud and abuse; 
and supporting the mission of the NRO. The Act also establishes 
semiannual reporting requirements that highlight activities and significant 
issues that arise during the reporting period that may be of interest to 
Congress. Table Ai identifies the semiannual reporting requirements 
and the location of the corresponding information in this report. 


(U) TABLE Ail: SEMIANNUAL REPORTING REQUIREMENTS 























Reporting Requirement _ Page 
SEC 4(a)(2) Legislation and regulation review 2 
SEC 5(a)(1-2) Significant problems. abuses, and deficiencies; 5 
recommendations for corrective action 

SEC 5(a)(3) Prior significant recommendations not yet N/A 
implemented 

SEC 5(a)(4) Matters referred to authorities resulting in N/A 
prosecutions and convictions 

SEC 5(a)(5) Summary of refusals to provide information N/A 

SEC 5(a)}(6-7) List and summary of reports issued during the 7 
reporting period 

SEC 5{a)(8-9) Tables showing questioned costs and funds that N/A 
should be put to better use 

SEC 5(a)(10-12) Summary of reports with no management decision; 
Description and explanation of revised 

ees Je N/A 

management decisions; Management decisions 
with which Inspector General disagrees 

SEC 5(a)(13) Financial systems compliance with federal 3 
requirements 

SEC 5(a)(i4-16) Peer review reporting | 25 

Table is UNCLASSIFIED 
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(U) APPENDIX B: RECOMMENDATIONS OLDER THAN ONE YEAR 


(U) Table Bi summarizes all open recommendations described in 
previous National Reconnaissance Office (NRO) Office of Inspector 
General (OIG) semiannual reports for which corrective action has not yet 
been completed within a year of issuance. Details on each open 
recommendation are included in Tables B2-B12. 


(U) TABLE B1: RECOMMENDATIONS OLDER THAN ONE YEAR 









Repaxt Title . Report Date Total Open 
(U//E Audit of the National Reconnaissance _ 2. September 2010 : 3 t 





Office Contractor Wide Area Network 


(U) Audit of the Management of Information 
Systems Privileged Users 


(U) Audit of Chief Information Officer Management 
of National Reconnaissance Office Information 20 December 2013 
Technology 


(U) Inspection of the Special Communications 
Office 


(U) Joint Inspection of Aerospace Data Facility East 
and National Geospatial-Intelligence Agency- ii February 2014 
Franconia 












19 November 2010 | 2. 1 























8February2014 «12> 








(U) Inspection of the Survivability Assurance Office 





3 November 2014 








(SAO) 
Se oe of NRO Cyber Incident Detection and 17 December 2014 
| (b)(1) 
25 March 2015 | 59 | 26 (b)(3) 











(U) Flash Report: Mission Operations Directorate 
Communications Systems Directorate Transition 


(U) Final Report Audit of the National 
Reconnaissance Office Management of the Silver L129 September 2015 1 8 1 





22 July 2015 











Eagle Contract 


(U) Joint Inspection of Aerospace Data Facility 
Southwest and National Geospatial-Intelligence _ 30 September 2015 





Agency Southwest 
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(U /7FOvQ)Table B2: Audit of the National Reconnaissance Office Contractor Wide 

Area Network 

Recommendation Office _ Status 

(U/PODS. Recommendation #2 for the Chief information COMM/CIO 4 (J) The Communications Systems Directorate (COMM) fas 


Officer (CIO) in coordination with the Director, Office of 
Security and Counterintelligence (OS&CI): Develop and 
implement a strateay for the management and operation 
of the Contractor Wide Area Network (OWAN). The 


developed a plan for tracking CWAN general and orivieced 

users and is ensuring that they nave taken the appropriate 

training using a Wacking tool. As of July 2016, several NRO 

contrector companies have submitted data. [he tracking 
: bat : : 











SL nt i i i i 














strategy should consider GUE of 
(b)(3) 
(b)(3) 
(b)(S) 
(U/JFOua) Table B3: Audit of the Management of Information Systems Privileged 
Users 
Recommendation Office Status 
{Ui ) Recommendation #2 for the Director, COMM: COMM (U/7PO8Q) COMM revised the NRO Directive 52-20, Privileged 





User Management, which is currently in coordination, to 
clarify privileged user requirements. / 








(b)(3) 














INRO privileged users. 





initial ECD: September 2013 
Current ECD: August 2016 
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(U) Table B4: Audit of Chief Information Officer Management of National 
Reconnaissance Office Information Technology 


Recommendation Office _ Status 


(U//FORSA Recommendation #2 for the DNRO: Direct Director, NRO (U//FOUS}.COMM/CIO has satisfied the recommendation to 
and ensure that CIO, the Systems Engineering Directorete (DNRO) | update relevant [T-related documents under its purview (NRO 
(SED), Business Plans and Operations (BPO), and the delegated to Business Function 50). Recommendation remains open 

Office of Policy and Strategy (OP&S), in coordination with COMM/CIO pending receipt anc review of the update to the NRO 


other Directorates and Offices as appropriate, establish Business Function 10 policies and associated instructions 
clear and authoritative lines of information technology : Currently being performed by the Corporate Secrelariat as 
(I] related roles, responsibilities, ownership, and | part of the acquisition oversight transition efforts. 
accountabilily by updating relevant NRO policies, Initial ECD: June 2015 

directives, instructions, governance plans, and Letters of | Current ECD: December 2016 

Instruction to clarify the CIO's responsibilities. ' 


(U//FOUO) Recommendation #5 for the CIO: Review and 
update the investment management Concept of 
Operations (CONOPS) to ensure that the investment 
management process aligns with federal guidance and 
best practices. 












COMM/CIO H (U//F OMM/CIO has satisfied the recommendation to 

| update the CONOPS. However, the updated CONOPS refers 

| to NRO acquisition policies and instructions that have not 

| been updated per recommendation #2. Recommendation #5 
| remains open pending receipt and review of the update to the 
| NRO Business Function 10 policies and associated instructions 
| currently being performed by the Corporate Secretariat as 
part of the acquisition oversight transition efforts. 


i Initial ECD: September 2015 
| Updated ECD: March 2016 
i Current ECD: TBD 


(UPPOSQ On 1 September 2016, COMM/CIO met with OIG 
to obtain further clarification of what is required to close out 
this recommendation. Additional information will be 
forthcoming. Current ECD is to be determined based on 
any re-planning that is required based on the 1 September 
meeting. 


Initial ECD: September 2017 
Current ECD: TBD 


_(U//FODO) Recommendation #7 for the CIO: | COMM/CIO 





(b)(3) 
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(U) Table B5: Inspection of the Special Communications Office 


Recommendation Office Status 





(U/POSAL Recommendation #12 for the Director, Special SCO (b)( 1 ) 
Communications Office (SCO): Review all External 
Agreements (EA) for currency and relevance. Work with 
OPSS to update and convert Memoranda of Agreement to 


interagency Agreements as appropriate. 
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(U) Table B6: Joint Inspection of Aerospace Data Facility East and National 
Geospatial-Intelligence Agency-Franconia 


Recommendation Office _ Status 


(U/PON@L Recommendation ADF-E/NGA-F-12-131: Mission __-(U//FODS\_ Aerospace Data Facility East (ADF-£) com 
Establish or update a written process for timely reporting Operations end coordinated wilh NGA-P management 
__ atid reimbursement for sunolies and services im Directorate 
(MOD) 














(b)(3) 


O@s NOL Contain any 





major policy changes. 

Initial ECD: July 2014 

Updated ECD: October 2015 

Current ECD: 7BD (Closure actions impacted by the NRO 
Operations Transformation transition.) 











MOD : (U) MOD Security and NRO Office of Security and 

: Counterintelligence (OS&CI) are jointly working on the issue 
(b)(3) | as it is an enterprise-wide issue not unique to ADF-E. OIG 

: anticipates a status from MOD in October. 





: Initial ECD: January 2016 
: Current ECD: TBD (Closure actions impacted by the NRO 
: Operations Transformation transition.) 


(U/POVQ Recommendation ADF-E/NGA-F-12-205: (U//FODRI_NRO Directive 10-2 is currently under NRO 
Finalize and publish NAO Directive (VD) 10-2, Facilities Directorates and Offices (Ds and Os) annual review. [he 
Acquisition Planning and Execution and associated NRO associated NRO Instructions (NI) (W/ 10-2-1, Real Estate 
Instructions. Acquisition and disposal, and NI 10-2-2, Maintenance, 
Repair, Improvement, and Construction AcQuIsition) are 
with MS&O and are due to BPO by 31 Dec 2016, OIG 
expects formal approval process with Ds and Os to be 
completed by the summer of 2017. 
Initial ECD: July 2014 
| Current ECD: August 2017 






Table is UNC 


(U/ /FOWQ) Table B7: Inspection of the Survivability Assurance Office (SAO) 





Recommendation Office _ Status 
(uP) Recommendation #3A for the DNRO: Task DNRO _(U//FOD@A The draft Enterprise Capabilities Document is 
SAO and SED jointly with the responsibility to coordinate | being coordinated with the Intelligence Community. SAO 


with the Director of National Intelligence (DN) and 
Department of Defense (DoD) for the development, 
definition, and documentation of enterprise space 
protection and resiliency. 


and SED will provide a copy to the OIG once the DNI 
approves the document, subject to Intelligence Community 
Capabilities Requirements Counci review and signature 
process anticipated in December 2016. 


i 
i“ 
i‘ 
i 
( 
g 
i‘ 
g 
£ 
g 
i 
: 
£ 
g 
£ 


| Initial ECD: September 2015 
| Current ECD. December 2016 


t 


(U/, Recommendation #3B for the DNRO: Task DNRO (U) The 30 March 2016 signed AZ 130-1-6, NRO Life Cycle 
SED with the responsibility to ensure that protection and | Readiness, Addendum 1, User Guide, includes protection 
resiliency are addressed as a part of requirements/design | and resiliency entrance/exit criteria checklists and artifacts 
reviews for each major system acquisition. | for life cycle readiness events to ensure resiliency is 


| addressed within the requirements and design reviews for 
: each Major System Acquisition. SED completed the initial 
| revision of the NRO Directive 82-7a, to define architecture 
| roles and responsibilities and ensure agreement with the 

| NRO's current policy structure. Comments are being 

| adjudicated. 

| Initial ECD: March 2015 
Current ECD: June 2017 
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(U) Table B&8: Audit of NRO Cyber Incident Detection and Response 


Recommendation 


Office 
(U// POD) Recommendation #2 for the Director, COMM: 
Ensure 


Status 




















in accordance with Intelligence Community 
Sandard (CS) 502-01 and Intelligence Community 
Directive (ICD) 502. 














P Current ECD: TBD 
i (U/7FO8Q).COMM/NRO Infrastructure Service Provider 


oe (b)(3) 























Initial ECD: December 2016 


H 
H 
H 
H 
H 
H 
t 
t 
t 
H 
t 
H 
t 
H 
H 
H 
H 
t 
H 
t 

“a 
























































(b)(3) 
(b)(3) 
(b)(3) 
1 Initial ECD: June 2015 
| Current ECD: TBD 
—(LTPPSQ) Recommendation #6 for the Diractar COMM: COMM (U} COMM published the NRO Cyber Defense Strategy 

._ in February 201 
(b)(3) 

! Initial ECD: December 2015 

| Current ECD: TBD 

33 





SECRET//TAL 
Approved for Release: 2018/08/16 C05109045 


“Approved for Release: 2018/08/16 C05109045 


WERE Ef} EAL AJL) J WIT 








Recommendation Office _ Status { 
(U//POUS})Recommendation #7 for the Director, COMM: comm | (u//FowQy. comm cl (b)(3) 























ICD 502. 















| Initial ECD: April 2015 
+ Current ECD: April 2017 







(U//FOSQ) Recommendation #8 for the Director, COMM: 










































COMM (UFO NQ) COMM requested closure. 
(b)(3) 
(b)(3) 
i Initial ECD: June 2015 
i ; Current ECD: TBD 
(U// Recommendation #9 for the Director, COMM: (b)(3) 








(b)(3) 








e 
3 


ni r 
' Current ECD: October 2016 
. i 
Silke mmendation #10 for the Director. (b)(3) 























(b)(3) 

















| Initial ECD: April 2015 
Current ECD: TBD 
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(U) Table B10: Flash Report: Mission Operations Directorate Communications 
Systems Directorate Transition 


Recommendation Office _ Status 


(U7TPSLQ) Recommendation #1 (for D/COMM and MOD/COMM _{ (U) Some COMM/MOD transitioning items are bein 
D/MOD, in coordination with D/SED): Review the status i adcressed 

of the (SA and develop a milestone schedule or roadmap i (OIG @xpecs supporing (b)(3) 
for resolving [esues thal were identified to be worked at i documentation listing lems remaining open in ihe TSA 

unspecified dates. i; Mot covered by the in Octoder. 


+ 


i Initial ECD: December 2015 
i Current ECD: September 2016 























‘ea i i i i i 





(U) Table Bii1: Final Report Audit of the National Reconnaissance Office 
Management of the Silver Eagle Contract 


Recommendation Office Status 


(U/JPORSS Recommendation #10 for the Director, COMM COMM (b)(3) 
in coordination with the Director, OS&CI: Develop and 
implement a risk midgation plan te comply with NRO and 
contract requirement to 


A. monitor Sliver Eagle activities: and 












































Initial ECD: June 2016 
CurrentECD: [BD 





i 
i 
1 
t 
i 
t 
i 
t 
i 
t 
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i 
i 
t 
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t 
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t 
1 
1 
1 
1 
1 
1 
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(U) Table B12: Joint Inspection of Aerospace Data Facility Southwest and National 
Geospatial-Intelligence Agency Southwest 


Recommendation Office __ Status 


F) ADPSW-15-1001 for Aerospace Data Facility Site Leve: _ (2) The Site Commander signed an affidavit attesting 
thwest (ADE-SW)\ Onerations Squadron (OS) to the completion of this recommendation and the 
final MOD memo requesting closure for this 
(b)(1 ) recommendation is in process. OIG anticpates 
(b)(3) Cosure when we receive final documentation and 

Supporting closure evidence. 


Infval ECD: (BD (Closure actions impacted by tne 
NRO Operations Transformation transition.) 
































(U//FO Recommendation ADFSW-15-1025 for ADF- 
SW_NRO/COMM/NISP) 


COMM 


(b)(3) 








(b)(3) 


J 








The site assigned a 
: Systems Engineering and Integration lead to 
: accomplish these tasks. COMM is on schedule to 
complete the initiative by 31 December 2016. 

: Initial ECD: December 2016 
(U//PORRL Recommendation ADFSW-15-1027 for _ (U) MS&O has monitored the sufficiency of ADF-SW‘s 
ADFE/SW/MSD: Monitor the sufficiency of ADF-SW’s EAP : EAP remote services for a period of 12 months and is 
remote services schedule for a period of 12 months: : how analyzing the data to determine if adjustments 
based on data collected, document analysis and : are warranted. OIG anticipates a coordinated 
determine if adjustments are warranted. : MOD/MS&O status memo in October. 

Initial ECD: TBD (Closure actions impacted by the 

» NRO Operations Transformation transition.) 
MOD/MS&O : (U) OIG anticipates a coordinated MOD/MS&O status 
(b)( memo in October. 

b)(3) Initial ECD: TBD (Closure actions impacted by the 
NRO Operations Transformation transition.) 
(U/]POSE\ Recommendation ADFSW-15-2002 for MOD/MS&O (U) OIG anticipates a coordinated MOD/MS&O status 
D/MOD: wae - publish directorate-level guidance memo in October. 
and/or policy 70) a) of tne NRG innovation Centers tor Initial ECD: TBD (Closure actions impacted by the 
inclusion in the NBF 60 and/or ND 60-1. _ NRO Operations Transformation transition.) 

_ Current ECD: December 2017 
' (U) NROC published the NRO MOD Enterprise 


:_ Operations (b)(3) 
OIG anticipates a coordinated 


; MOD/MS&O status memo in October. 
Initial ECD: TBD (Closure actions impacted by the 
: NRO Operations Transformation transition.) 
| Current ECD: December 2017 
(UJPONe). Recommendation ADFSW-15- 2004 for MOD/MS&O | () OIG anticipates a coordinated MOD/MS&O status 
D/MOD: Develo and publish directorate-level quidance : memo in October. 

b)(3 Initial ECD: TBD (Closure actions impacted by the NRO 

perations Transformation transition. 

(b)(3) Operati f ion.) 
Current ECD: December 2017 

















































(U//FOUS}~Recommendation ADFSW-15-2003 for 
D/MOD: Develop_and publish directorate-level quidance 
and/or policy fo 


MOD/MS&0O 


(b)(3) 















































OF 





mmclusion if ie NBP 60 and/or ND 60-1. 


(U77PObQ) Recommendation ADFSW-15-2005 for D/MOD 
In NI 60-1-1, clarify the definition and intent of the term 
“event awareness” in association with submitting written | Initial ECD: TBD (Closure actions impacted by the NRO 
SITREPs. Operations Transformation transition.) 


(U/PONQ) Recommendation ADFSW-15-2006 for () OIG anticnpates a coordinated MOD/MSEO status 
D/MOD: Ip NI 60-1-1, define a long-term system outage, memo ip October. 

the frequency of required updates, and to whom the intel ECD: TBD (Closure actions impacted by the NRO 
Updates wil be reported. | Operations Transformation transition.) 








MOD/MS&0 (U) OIG anticipates a coordinated MOD/MS&O status 


; memo in October. 
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